Source: Security.NL
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) reportedly received more than 13,000 privacy complaints and signals in 2025, up from 7,100 the year before. According to Security.NL, which reported on the AP's 2025 annual report, this sharp rise shows that more people in the Netherlands are aware of their rights under the GDPR (AVG) and know how to report concerns.
According to Security.NL, a significant share of the complaints related to a data breach at Clinical Diagnostics, in which sensitive data belonging to more than 900,000 people was stolen. People who filed complaints reportedly said they received little information about what had happened and felt their concerns were not taken seriously. Some women reported feeling unsafe because their home addresses had been leaked.
Following the breach, the AP reportedly started a supervisory process involving Clinical Diagnostics and Bevolkingsonderzoek Nederland, focused on ensuring that victims were properly informed. The fact sheet notes that the outcome of this process has not been stated.
According to Security.NL, of the more than 13,000 complaints and signals received in 2025, more than 11,000 were handled. Around two thousand complaints are still waiting to be processed. The AP has reportedly acknowledged that waiting times are increasing, which it describes as an important concern.
To handle complaints more efficiently, the AP reportedly began making faster telephone contact with people and organisations to resolve issues directly. The authority also says it is increasingly using on-site supervisory visits to address situations affecting large numbers of people in one go.
If your business collects personal data, such as customer names, email addresses or health information, you are required under the GDPR (AVG) to handle that data responsibly and to inform people clearly if something goes wrong. The growing number of complaints shows that people are increasingly willing to report concerns to the AP, so it is worth checking that your privacy practices are in order. You can use our GDPR compliance checklist and privacy policy guide as a starting point.
Scan gratuit couvrant le RGPD, le droit d'auteur, l'accessibilité, la sécurité et plus encore.
Scanner votre site gratuitementThe EDPB adopted its work programme for 2026-2027 during its latest plenary on 12 February 2026, focusing on easing compliance and strengthening cooperation.
The European Data Protection Board (EDPB) has announced a major coordinated enforcement action for 2026, focused on how businesses inform people about the use of their personal data. According to the
The European Data Protection Board (EDPB) has adopted its work programme for 2026-2027, with a clear focus on making GDPR compliance simpler for organisations. The announcement was published on 13 Feb